- 09-12-2011 #1Just Joined!
- Join Date
- Sep 2011
- Posts
- 2
Scan Corrupted Windows Drive from Bootable Linux
Had a question to see if anyone has come across this situation before. I'm fairly new to Linux but I have used it before on USB Drives to retrieve files from corrupt drives.
However, I have a new scenario brought to me where the main drive on the computer is Windows based. I'm pretty sure it has a trojan or malware on it. I know that I can load Ubuntu onto a USB in order to retrieve the files if I wanted to reformat. But the owner would like to not have to go through the steps for reformatting.
So my question is if there is a way to use a virus/malware scanner that is familiar with Windows systems on the Linux bootable USB?
Any help would be appreciated. Thank you!
- 09-12-2011 #2Linux Guru
- Join Date
- May 2011
- Posts
- 1,855
Why not just run the virus scanner in Windows? Possibly in Safe mode. The damage to the OS has already been done. If you're worried about replication on the network, just unplug it. Or am I misunderstanding your question...
If you want a "safe" way to boot into Windows, you could try creating a BartPE boot disk - it is like Linux Rescue CD for Windows.
- 09-12-2011 #3Linux Guru
- Join Date
- Oct 2007
- Location
- Tucson AZ
- Posts
- 1,946
You don't indicate which version of Ubuntu you have. The link below explains how to do this with Ubuntu 9.10. Some steps may be different if you have Ubuntu 11.04, the latest version but this should give you the general idea.
Scan a Windows PC for Viruses from a Ubuntu Live CD - How-To Geek
- 09-12-2011 #4Linux Guru
- Join Date
- May 2011
- Posts
- 1,855
I use AVG's Linux client and it is pretty good (just caught something last week with the Windows version of it!)
- 09-12-2011 #5Linux User
- Join Date
- Jun 2006
- Location
- Scotland
- Posts
- 267
I have used Kaspersky. Look here: FOSS Boss: Killing Virii with Gentoo and Kaspersky
The link in the article is out of date. The current version of Kaspersky is here: Index of /devbuilds/RescueDisk10/
- 09-12-2011 #6Linux Guru
- Join Date
- Nov 2007
- Posts
- 1,695
Google: linux windows repair distro
- 09-13-2011 #7Just Joined!
- Join Date
- Sep 2011
- Posts
- 2
Thank you all for your responses. Like I said, I do greatly appreciate the information. Just to give closure on the subject, I used one of the links from HROAdmin26's response: Trinity Rescue Kit. I was able to boot from the CD I created and run a virus scan. It did find a couple files that were infected and quarantined them. Then when I booted Windows I quickly had to open C:\ and delete the files that were quarantined. The files already started to try and load into the system. So, even after that I booted from my Windows disk and repaired it.
Thank you ALL very much again for your help. I know I will be back on here for other support issues at some point as I'm interested in having one system at home loaded with Linux.
- 09-13-2011 #8Linux Guru
- Join Date
- Apr 2009
- Location
- I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
- Posts
- 8,977
Glad you sorted all that out. I usually remove the corrupt system drive from the Windows system, plug it into an appropriate carrier/enclosure and scan it from my Linux system. I actually use 3 scanners, each of which does some stuff better than the others. The scanners I use are ClamAV (open source free), F-Prot (proprietary - I use paid version, but free is available), and McAfee's free Linux scanner. Lately, I'm seeing more and more viruses that infect the files on the recovery partition as well, so if you reinstall the OS that way, it starts out with a root kit on it...
Nasty stuff for sure!
Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!
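The approach from post #8 (scan the Windows drive from a Linux system with ClamAV), as an added example that is not part of the original thread. The device name, mount point, log path and the sample log lines are assumptions constructed for illustration; it assumes `ntfs-3g` and `clamscan` are installed.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage (as root): sh scan.sh /dev/sdb1 /mnt/win /tmp/scan.log

# Print the path of every file a clamscan log reports as infected.
# clamscan records a hit as "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# Mount an NTFS partition read-only and scan it recursively.
# $1 = partition, $2 = mount point, $3 = log file
scan_windows_volume() {
    dev=$1; mnt=$2; log=$3
    mkdir -p "$mnt" || return 2
    # ro/noexec: the scan cannot modify or run anything on the suspect volume
    mount -t ntfs-3g -o ro,noexec "$dev" "$mnt" || return 2
    clamscan --recursive --infected --log="$log" "$mnt"
    rc=$?                 # 0 = clean, 1 = infected files found, 2 = error
    umount "$mnt"
    return "$rc"
}

# Constructed sample of a clamscan log (paths and signature names are made up).
write_sample_log() {
    cat <<'EOF'
-------------------------------------------------------------------------------

/mnt/win/Users/owner/AppData/Local/Temp/svch0st.exe: Win.Trojan.Example-1 FOUND
/mnt/win/Documents and Settings/owner/Start Menu/Programs/Startup/update.exe: Win.Trojan.Example-2 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 48211
Infected files: 2
EOF
}

# Only touch a real device when all three arguments are given.
if [ "$#" -eq 3 ]; then
    scan_windows_volume "$1" "$2" "$3"
    rc=$?
    [ "$rc" -eq 1 ] && infected_paths "$3"
    exit "$rc"
fi
```

Run it once per partition on the drive, including the recovery partition mentioned above, and review the listed paths before removing anything.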
- 09-13-2011 #9
Wherever the files came from, deleting them might not be enough. If they left behind an autostart feature, you will need to clean the boot routine from the registry - or they will just keep hitting you.

